[wp-trac] [WordPress Trac] #31767: insert_with_markers() is not atomic, leading to corrupted .htaccess updates under race conditions

WordPress Trac noreply at wordpress.org
Fri Oct 2 17:51:17 UTC 2015 

#31767: insert_with_markers() is not atomic, leading to corrupted .htaccess updates
under race conditions
---------------------------------+-----------------------
 Reporter:  tigertech            |       Owner:  dd32
     Type:  defect (bug)         |      Status:  assigned
 Priority:  normal               |   Milestone:  4.4
Component:  Filesystem API       |     Version:  4.1.1
 Severity:  critical             |  Resolution:
 Keywords:  has-patch 4.4-early  |     Focuses:
---------------------------------+-----------------------

Comment (by tigertech):

 Since we're changing this, I have one more suggestion that would reduce
 the chance of corruption even more.

 In all the cases where I saw corruption "in the wild", a plugin or theme
 was constantly (and unwisely) rewriting the same data over and over on
 every page view. The parameters being passed were the same each time, so
 the actual contents of the file were identical after
 `insert_with_markers()` was called.

 It would be useful to not write the file at all if it won't change.
 Perhaps it could figure out what the original contents look like, then
 compare the old and new, and skip the write if they're identical.
 Something like:

 {{{
 // Compare the new and old data to see if a write is necessary
 $old_file_data = implode( "\n", array_merge( $lines ));
 if ( $old_file_data === $new_file_data ) {
     flock( $fp, LOCK_UN );
     fclose( $fp );
     return true;
 } else {
     // Write to the start of the file, and truncate it to that length
 }}}

 (Well, not literally like that, because duplicating the flock and fclose
 would be ugly and stupid code, but you get the idea.)

 I tested this and it seemed to work fine, avoiding rewrites of identical
 data but correctly rewriting changed data. Avoiding most writes should
 avoid most potential race conditions on systems where flock isn't
 supported.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31767#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list